Enabling MongoDB authentication with the --keyFile option.

Create a keyFile as below and change its permissions and owner as below. Note that with owner root and mode 700 only root can read the file (the mongod group gets no access); this works here because the mongod processes shown below run as root.
 
[root@host-name bin]$ cat /srv/mongodb/keyfile
SrinivasMutyalakeyFileforTesting
[root@host-name bin]$ chown root:mongod /srv/mongodb/keyfile
[root@host-name bin]$ chmod 700 /srv/mongodb/keyfile
[root@host-name bin]$
[root@host-name bin]$ ls -lhtr /srv/mongodb/keyfile
-rwx------ 1 root mongod 33 Feb 12 08:18 /srv/mongodb/keyfile
[root@host-name bin]$
 
 
Start each cluster process (config servers, shards, arbiter and router) by adding the --keyFile parameter as below.
------------------------------------------------------------
 
[root@host-name bin]$ pwd
/tmp/mongodb/bin
[root@host-name bin]$
[root@host-name bin]$
[root@host-name bin]$ ps -ef | grep mongo | grep -v grep
root 21120 1 0 03:49 ? 00:00:07 ./mongod --configsvr --dbpath /tmp/mongodb/data/config1 --port 29001 --fork --logpath /tmp/mongodb/logs/config1.log --logappend --journal --quiet --keyFile /srv/mongodb/keyfile
root 21179 1 0 03:49 ? 00:00:07 ./mongod --configsvr --dbpath /tmp/mongodb/data/config2 --port 29002 --fork --logpath /tmp/mongodb/logs/config2.log --logappend --journal --quiet --keyFile /srv/mongodb/keyfile
root 21196 1 0 03:49 ? 00:00:06 ./mongod --configsvr --dbpath /tmp/mongodb/data/config3 --port 29003 --fork --logpath /tmp/mongodb/logs/config3.log --logappend --journal --quiet --keyFile /srv/mongodb/keyfile
root 21278 1 0 03:49 ? 00:00:06 ./mongod --shardsvr --replSet shard --dbpath /tmp/mongodb/data/shard1 --logpath /tmp/mongodb/logs/shard1.log --port 27010 --fork --logappend --smallfiles --oplogSize 50 --journal --quiet --keyFile /srv/mongodb/keyfile
root 21325 1 0 03:49 ? 00:00:05 ./mongod --shardsvr --replSet shard --dbpath /tmp/mongodb/data/shard2 --logpath /tmp/mongodb/logs/shard2.log --port 27011 --fork --logappend --smallfiles --oplogSize 50 --journal --quiet --keyFile /srv/mongodb/keyfile
root 21372 1 0 03:49 ? 00:00:05 ./mongod --shardsvr --replSet shard --dbpath /tmp/mongodb/data/shard3 --logpath /tmp/mongodb/logs/shard3.log --port 27012 --fork --logappend --smallfiles --oplogSize 50 --journal --quiet --keyFile /srv/mongodb/keyfile
root 21497 1 0 03:50 ? 00:00:05 ./mongod --replSet shard --port 30000 --dbpath /tmp/mongodb/data/arbiter --fork --logpath /tmp/mongodb/logs/arbiter.log --logappend --quiet --keyFile /srv/mongodb/keyfile
root 21586 1 0 03:50 ? 00:00:03 ./mongos --configdb xx.xx.xx.xx:29001,xx.xx.xx.xx:29002,xx.xx.xx.xx:29003 --fork --logpath /tmp/mongodb/logs/router.log --port 10000 --logappend --quiet --keyFile /srv/mongodb/keyfile
root 23990 9631 0 04:01 pts/0 00:00:00 tail -10f /tmp/mongodb/logs/router.log
[root@host-name bin]$
 
Connect to the router and the primary using the localhost exception as below, then create and authenticate the users as below:
-----------------------------------------------------------------------------------
 
[root@host-name bin]$ ./mongo localhost:10000
MongoDB shell version: 2.4.5
connecting to: localhost:10000/test
mongos>
mongos> db.addUser({user:"adm",pwd:"pwd",roles:["userAdminAnyDatabase","readAnyDatabase","clusterAdmin"]})
{
"user" : "adm",
"pwd" : "8f1cf56da9da9e575e0c85ed1c5a4fba",
"roles" : [
"userAdminAnyDatabase",
"readAnyDatabase",
"clusterAdmin"
],
"_id" : ObjectId("52fc8bac719148744d185168")
}
>
>
> show dbs
Thu Feb 13 04:09:07.540 JavaScript execution failed: listDatabases failed:{
"note" : "not authorized for command: listDatabases on database admin",
"ok" : 0,
"errmsg" : "unauthorized"
} at src/mongo/shell/mongo.js:L46
>
>
>
> db.auth("adm","pwd")
1
mongos> show dbs
admin 0.046875GB
config 0.046875GB
test 0.0625GB
mongos>
 
[root@host-name bin]$ ./mongo localhost:10000/admin --username adm --password
MongoDB shell version: 2.4.5
Enter password:
connecting to: localhost:10000/admin
mongos>
mongos>
 
 
 
 
[root@host-name bin]$ ./mongo localhost:27010/admin
MongoDB shell version: 2.4.5
connecting to: localhost:27010/admin
shard:PRIMARY>
shard:PRIMARY>
shard:PRIMARY> db.addUser({user:"adm",pwd:"pwd",roles:["userAdminAnyDatabase","readAnyDatabase","clusterAdmin"]})
{
"user" : "adm",
"pwd" : "8f1cf56da9da9e575e0c85ed1c5a4fba",
"roles" : [
"userAdminAnyDatabase",
"readAnyDatabase",
"clusterAdmin"
],
"_id" : ObjectId("52fc8c036c06bfb2b968828c")
}
>
>
>
>
>
> use admin
switched to db admin
> show dbs
Thu Feb 13 04:10:38.596 JavaScript execution failed: listDatabases failed:{ "ok" : 0, "errmsg" : "unauthorized" } at src/mongo/shell/mongo.js:L46
>
>
>
> db.auth("adm","pwd")
1
shard:PRIMARY>
shard:PRIMARY>
shard:PRIMARY>
shard:PRIMARY>
shard:PRIMARY> show dbs
admin 0.0625GB
local 0.09375GB
test 0.0625GB
shard:PRIMARY>
 
 
[root@host-name bin]$ ./mongo localhost:27011/admin --username adm --password
MongoDB shell version: 2.4.5
Enter password:
connecting to: localhost:27011/admin
shard:SECONDARY>
bye
 
 
[root@host-name bin]$ ./mongo localhost:27011/admin --username adm --password
MongoDB shell version: 2.4.5
Enter password:
connecting to: localhost:27011/admin
shard:SECONDARY>
shard:SECONDARY>
 
 
Suggestions for any changes to this process are welcome.
Creating a user manually with an INSERT statement in MongoDB.
 
 
The internal MongoDB password hash is generated using the algorithm:
 
md5(<username>:mongo:<password>)
 
So, to create a new MongoDB user with a pre-defined hashed password, you first need to compute the password hash and insert that value; for example, for user “new_mongod_su” with password “adminpwd”:
 
rs0:PRIMARY> hex_md5("new_mongod_su:mongo:adminpwd")
08791348e58e206d75daf8df555f5f40
rs0:PRIMARY> db.system.users.insert({"user" : "new_mongod_su", "pwd" : "08791348e58e206d75daf8df555f5f40", "roles" : [ "userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin", "readWriteAnyDatabase" ] } )
rs0:PRIMARY> exit
bye
hostname-P> mongo hostname:8526/admin --username new_mongod_su --password adminpwd
MongoDB shell version: 2.4.5
connecting to: hostname:8526/admin
rs0:PRIMARY> db.system.users.find({user:"new_mongod_su"})
{ "_id" : ObjectId("52fde2c8664665ae24e00bb4"), "user" : "new_mongod_su", "pwd" : "08791348e58e206d75daf8df555f5f40", "roles" : [ "userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin", "readWriteAnyDatabase" ] }
